A read-only user can be created in Oracle Internet Directory (OID) either with Oracle Directory Services Manager (ODSM) or with the ldapadd command and an LDIF file.


The key is to make sure the user is not a member of any group. In OID, plain read access is what an ordinary authenticated user gets from the default access control policies, while write and administrative privileges are granted through membership of privileged groups, so an account that belongs to no group stays read-only. Check the ACLs of your own realm if they have been tightened: an account that is in no group gets no more than the default policy allows.

I. Steps For Creating a User With Oracle Directory Services Manager:

  1. Log into Oracle Directory Services Manager as the superuser cn=orcladmin (http://<host>:7777/odsm)
  2. Navigate to Data Browser Tab.
  3. Drill down under the root to the cn=users container.
  4. Right-click on cn=users and choose Create.
  5. Fill in the Distinguished name field with the FULL DN value. For example:
    cn=readonly,cn=users,dc=us,dc=oracle,dc=com
  6. Add the following objectclasses to the new user:

    top
    person
    organizationalPerson
    inetorgperson
    orcluser
    orcluserV2

  7. On the Mandatory Properties tab, fill in the cn and sn attributes. The cn value must include the RDN value used in the DN (readonly in the example above), because the RDN attribute value has to appear in the entry; sn can be any value, for example readonlyuser.
  8. On the Optional Properties tab fill in the following attributes:

    mail
    givenname
    uid
    description
    userpassword

  9. Click OK.
  10. Check that the new user now appears under the cn=users container.

II. Steps For Creating a User Using an LDIF File:

    1. Create a text file (e.g., readonly.ldif) with the following:
      dn: cn=readonly, cn=Users,<subscriber domain>
      userpassword: <password>
      objectclass: top
      objectclass: person
      objectclass: organizationalPerson
      objectclass: inetorgperson
      objectclass: orcluser
      objectclass: orcluserV2
      mail: readonly
      givenname: readonly
      uid: readonly
      description: account to have readonly access
      sn: readonly
      cn: readonly

Example:

dn: cn=readonlytestuser, cn=Users,dc=emea,dc=eu,dc=int
mail: readonlytestuser@readonly.com
uid: readonlytestuser
userpassword: readonly1
description: Account to have readonly access to OID
givenname: readonlytestuser
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetorgperson
objectclass: orcluser
objectclass: orcluserV2
sn: readonlytestuser
cn: readonlytestuser

Replace the sample password with a strong one, and treat the file as sensitive: it holds the account password in clear text, so restrict its permissions and delete it once it has been loaded.

  2. Load it with ldapadd, or import the LDIF with any LDAP browser such as Apache Directory Studio. For example:
    ldapadd -h <OID_host> -p <OID_port> -D cn=orcladmin -w <password> -v -f readonly.ldif

Passing the superuser password with -w puts it into the shell history and, briefly, the process list; on a shared host prefer reading it from a protected file or environment variable rather than typing it on the command line.

Check Group Memberships:
To verify the user is NOT a member of any group, search the whole directory for group entries that list the user's full DN as a member. OID groups may hold their members in uniquemember (groupOfUniqueNames) or member (groupOfNames), so check both attributes:

ldapsearch -h <OID_host> -p <OID_port> -D "cn=orcladmin" -w <pwd> -s sub -b "" "(|(uniquemember=<full_user_DN>)(member=<full_user_DN>))" dn

An empty result means the account has no group memberships. Repeat the search after any later change to the account, since being added to a group is what would turn it into more than a read-only user.
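The LDIF procedure above and the membership check can be scripted so that the entry is sanity-checked before it is loaded and the verification filter is built from the same DN. The following is an added example and is not part of the Oracle note; it assumes the OID ldapadd/ldapsearch tools are on PATH, that the account password is supplied in a READONLY_PW environment variable and the cn=orcladmin password in ORCLADMIN_PW (both hypothetical names chosen to keep passwords out of shell history), and that groups use uniquemember or member. The offline part (generating the LDIF, validating it, building the filter) runs without a directory server; load_and_verify needs a reachable OID.

```shell
#!/bin/sh
# Added example (not from the Oracle note): generate, sanity-check and load the
# read-only user's LDIF, then build the group-membership filter for the
# verification search. Assumes READONLY_PW / ORCLADMIN_PW (hypothetical env vars)
# carry the passwords and that the OID command-line tools are on PATH.

# Print the LDIF for a read-only user. cn, sn, uid and givenname are all set to
# the RDN value so the entry is consistent with its DN.
#   make_readonly_ldif <cn> <subscriber domain> <mail address>
make_readonly_ldif() {
    cn=$1; base=$2; mail=$3
    cat <<EOF
dn: cn=${cn},cn=Users,${base}
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetorgperson
objectclass: orcluser
objectclass: orcluserV2
cn: ${cn}
sn: ${cn}
givenname: ${cn}
uid: ${cn}
mail: ${mail}
description: account to have readonly access
EOF
    # Only emit userpassword when one was supplied, so the script itself never
    # contains a password.
    if [ -n "${READONLY_PW:-}" ]; then
        printf 'userpassword: %s\n' "$READONLY_PW"
    fi
}

# Validate an LDIF file before loading it: the cn attribute must equal the RDN
# value in the dn line, and all six objectclasses must be present. Returns 0 if OK.
check_ldif() {
    file=$1
    rdn=$(sed -n 's/^dn: *cn=\([^,]*\),.*/\1/p' "$file" | head -n 1)
    cnval=$(sed -n 's/^cn: *//p' "$file" | head -n 1)
    if [ -z "$rdn" ] || [ "$rdn" != "$cnval" ]; then
        echo "cn attribute ($cnval) does not match RDN ($rdn)" >&2
        return 1
    fi
    for oc in top person organizationalPerson inetorgperson orcluser orcluserV2; do
        if ! grep -qi "^objectclass: *${oc}\$" "$file"; then
            echo "missing objectclass: $oc" >&2
            return 1
        fi
    done
    return 0
}

# Filter for the verification search: matches any group that lists the DN in
# uniquemember (groupOfUniqueNames) or member (groupOfNames).
membership_filter() {
    printf '(|(uniquemember=%s)(member=%s))' "$1" "$1"
}

# Load the LDIF into a live OID and confirm the new user is in no group.
# Returns 0 only if the add succeeded and the membership search found nothing.
#   load_and_verify <OID_host> <OID_port> <ldif file> <full user DN>
load_and_verify() {
    host=$1; port=$2; file=$3; userdn=$4
    check_ldif "$file" || return 1
    ldapadd -h "$host" -p "$port" -D cn=orcladmin -w "$ORCLADMIN_PW" -v -f "$file" || return 1
    hits=$(ldapsearch -h "$host" -p "$port" -D cn=orcladmin -w "$ORCLADMIN_PW" \
        -s sub -b "" "$(membership_filter "$userdn")" dn | grep -c '^dn:' || true)
    [ "$hits" -eq 0 ]
}

# Offline demonstration on constructed input (no directory server needed).
LDIF=$(mktemp)
make_readonly_ldif readonly dc=example,dc=com readonly@example.com > "$LDIF"
check_ldif "$LDIF" && echo "LDIF written to $LDIF and validated"
echo "Verification filter: $(membership_filter 'cn=readonly,cn=Users,dc=example,dc=com')"
# Against a reachable OID (example values):
#   ORCLADMIN_PW=... load_and_verify oidhost 3060 "$LDIF" cn=readonly,cn=Users,dc=example,dc=com
```

The check_ldif step catches the mismatch the GUI procedure warns about (a cn attribute that differs from the RDN in the DN) and a missing Oracle objectclass before the superuser credentials are ever used; the membership filter covers both member attribute types so a group that uses groupOfNames is not missed.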

Credit: Oracle Knowledge Document Doc ID 746612.1

How to Create an OID User Account With read-only / readonly / read only Privileges in Oracle Directory Manager (ODM) Admin Console or Using ldapadd (Doc ID 746612.1)

Note: to log in as this user from an LDAP browser or ODSM, the Bind DN (or User) must be the full DN, for example

cn=readonlytestuser, cn=Users,dc=emea,dc=eu,dc=int

and not just cn=readonlytestuser.